You want nofail if:
- you don’t want the boot to fail
AND - the pool does not require a passphrase to unlock
nofail prevents waiting on the prompt to the user for the passphrase. Pools that have either Clevis enabled or are unencrypted can safely use the nofail if desired.
If the pool is encrypted and only has a passphrase (no Clevis bindings) or you want the boot to fail if mounting fails, never use nofail.
Does that all make sense?